A p a c h e   B e n n u
------------------------
by Daniel S. Haischt

What is this?
-------------

Bennu Router, Firewall & Wi-Fi Perimeter is a modularized and extensible
abstraction layer. Bennu allows administering BSD-based router, firewall and
Wi-Fi platforms through a web service or web interface. Bennu will be a
continuation of the now stale m0n0wall project.

Why enter a lab?
----------------

Bennu will be a testbed for experimenting in the field of router, firewall &
Wi-Fi perimeters (aka embedded and server systems).

Why was it created?
-------------------

The Bennu project puts an emphasis on modularization and extensibility. One
lesson learned while working on the m0n0wall or pfSense project is that those
software systems are unorganized monolithic blocks. Adding more and more
features on top of such a system increases its fragility.

Bennu takes a different approach: instead of coding any logic in PHP, the goal
of Bennu is to have a lightweight, probably C/C++ based, mediator that
mediates requests between the operating system and the management interface
(e.g. a web service or an HTML-based web interface). Such mediation is
necessary to abstract access to, for example, different packet filter
implementations such as OpenBSD pf or IPFW. The latter can be found on FreeBSD
systems, for example.

One design goal of Bennu will be to evaluate which componentization
methodology fits best on a platform that must be deployable on embedded
systems such as a Soekris or on enterprise-level systems like HP ProLiant 1U
server systems. One technology that comes to mind is SCA/SDO in its
incarnation of Apache Tuscany.

Having an HTML-based management interface installed on an appliance should be
optional. Only the web-service-based management interface will always be
provided as part of a stock appliance system.

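The mediation between management interface and packet filter described above,
sketched as an added example (not part of the original README or of any Bennu
code): one backend-neutral rule is checked against a character allow-list and
then rendered in OpenBSD pf and FreeBSD IPFW syntax. The names Rule, valid,
render_pf and render_ipfw are hypothetical.

```cpp
#include <cctype>
#include <iostream>
#include <string>

// Hypothetical backend-neutral rule, as a management interface might submit it.
enum class Action { Pass, Block };
struct Rule {
    Action action;
    std::string iface, proto, src;  // e.g. "em0", "tcp", "any" or "192.0.2.0/24"
    int dport;                      // destination port, 1..65535
};

// Character allow-list (alphanumerics plus `extra`), not full address parsing.
// It keeps whitespace, newlines and quotes out of the generated rule text.
static bool only(const std::string& s, const std::string& extra) {
    if (s.empty() || s.size() > 32) return false;
    for (unsigned char c : s)
        if (!std::isalnum(c) && extra.find(c) == std::string::npos) return false;
    return true;
}

bool valid(const Rule& r) {
    return only(r.iface, "") && (r.proto == "tcp" || r.proto == "udp") &&
           (r.src == "any" || only(r.src, "./")) &&
           r.dport >= 1 && r.dport <= 65535;
}

// One pf.conf line; returns "" when the rule is rejected.
std::string render_pf(const Rule& r) {
    if (!valid(r)) return "";
    return std::string(r.action == Action::Pass ? "pass" : "block") +
           " in on " + r.iface + " proto " + r.proto + " from " + r.src +
           " to any port " + std::to_string(r.dport);
}

// Arguments for ipfw(8); returns "" when the rule is rejected.
std::string render_ipfw(const Rule& r) {
    if (!valid(r)) return "";
    return std::string("add ") + (r.action == Action::Pass ? "allow" : "deny") +
           " " + r.proto + " from " + r.src + " to any " +
           std::to_string(r.dport) + " in via " + r.iface;
}

int main() {
    Rule ssh{Action::Block, "em0", "tcp", "any", 22};  // constructed sample rule
    std::cout << render_pf(ssh) << "\n" << render_ipfw(ssh) << "\n";
}
```
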
If there is no HTML-based management interface installed on the appliance, a
central management facility must be provided which allows accessing the
appliance through the web service management interface to execute
administrative operations. Such a central management facility allows
administration of large, enterprise-scale installations of multiple appliance
systems at once, such as exist today in the form of m0n0wall installations.
This includes versioning of appliance configurations and so on.

The HTML-based management system should be implemented using either PHP v5 or
Python, keeping in mind that these programming languages allow implementing
OO-based programming logic. One lesson learned in pfSense was that non-OO,
rather spaghetti-like code bases become untestable in a short period of time.
Thus Bennu will provide a code base that is backed by appropriate unit tests.

Bennu will provide extensibility using a package management system that allows
modelling dependency graphs so that package dependencies can be resolved
easily. A similar, semi-professional system can be found in pfSense. Basically,
packages consist of optional GUI fragments, programming logic that extends the
Bennu core, and optional operating system libraries and programs that may
extend the functionality provided by the underlying operating system.
Additionally, the package manager should provide information on packages which
may provide equal features but are mutually exclusive.

Currently Proposed Bennu Foundation Artifacts?
----------------------------------------------

The artifacts below are being proposed to make up the core Bennu system.

* Bennu mediation core
* Management Web service
* HTML based management interface (Ajax/RIA based)
* Package management layer
* Central administration facility (may reassemble parts of the HTML GUI)

Initial (vague) Milestone?
---------------------------

* Get the m0n0wall source code tree donated to the ASF
* Extend the existing m0n0wall code base by a package management system for
  educational purposes (would also attract current m0n0wall users towards
  Bennu).
* Re-implement the current build system (assembling of resources and
  generation of an embedded or ISO image - cross OS version compile).
* Evaluate whether to use PHP5 or Python as a base for the HTML GUI on an
  embedded appliance system (for obvious reasons, on large scale systems I
  would rather choose Python).
* Evaluate whether to use Apache Tuscany.

Resources
---------

* FreeBSD: http://www.freebsd.org/
* IPFW: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html
* Packet Filter: http://en.wikipedia.org/wiki/PF_%28firewall%29
* m0n0wall: http://m0n0.ch/wall/
* pfSense: http://www.pfsense.com/ (m0n0wall based)
* FreeNAS: http://www.freenas.org/ (m0n0wall based)
* AskoziaPBX: http://askozia.com/pbx (m0n0wall based)
* Soekris embedded boards: http://www.soekris.com/
* Alix embedded boards: http://www.pcengines.ch/

                                   - o -

Thanks for your interest in Apache Bennu.